mobbdev 1.2.28 → 1.2.32

package/dist/args/commands/upload_ai_blame.mjs

@@ -851,12 +851,15 @@ var init_client_generates = __esm({
 }
     `;
     AnalyzeCommitForExtensionAiBlameDocument = `
-    mutation AnalyzeCommitForExtensionAIBlame($repositoryURL: String!, $commitSha: String!, $organizationId: String!, $commitTimestamp: Timestamp) {
+    mutation AnalyzeCommitForExtensionAIBlame($repositoryURL: String!, $commitSha: String!, $organizationId: String!, $commitTimestamp: Timestamp, $commitAuthor: GitIdentityInput, $commitCommitter: GitIdentityInput, $commitCoAuthors: [GitIdentityInput!]) {
   analyzeCommitForAIBlame(
     repositoryURL: $repositoryURL
     commitSha: $commitSha
     organizationId: $organizationId
     commitTimestamp: $commitTimestamp
+    commitAuthor: $commitAuthor
+    commitCommitter: $commitCommitter
+    commitCoAuthors: $commitCoAuthors
   ) {
     __typename
     ... on ProcessAIBlameFinalResult {
@@ -2636,6 +2639,217 @@ var init_configs = __esm({
   }
 });
 
+// src/utils/blame/gitBlameTypes.ts
+import { z as z19 } from "zod";
+function parseCoAuthorValue(raw) {
+  const trimmed = raw.trim();
+  if (!trimmed) {
+    return null;
+  }
+  const openBracket = trimmed.lastIndexOf("<");
+  const closeBracket = trimmed.lastIndexOf(">");
+  if (openBracket === -1 || closeBracket === -1 || closeBracket < openBracket) {
+    return null;
+  }
+  const name = trimmed.slice(0, openBracket).trim();
+  const email = trimmed.slice(openBracket + 1, closeBracket).trim();
+  if (!name || !email) {
+    return null;
+  }
+  return { name, email };
+}
+function parseCommitLine(line) {
+  const parts = line.split("\0");
+  if (parts.length < 7) {
+    return null;
+  }
+  return {
+    sha: parts[0],
+    author: { name: parts[2], email: parts[1] },
+    committer: { name: parts[4], email: parts[3] },
+    coAuthors: parts.slice(7).map(parseCoAuthorValue).filter((v) => v !== null),
+    timestamp: parseInt(parts[5], 10),
+    message: parts[6]
+  };
+}
+var PrepareGitBlameMessageZ, PrepareGitBlameResponseMessageZ, CommitMetadataZ, LineToCommitMapZ, CommitMetadataMapZ, BlameInfoZ, LineRangeZ, PrContextZ, PrepareCommitBlameMessageZ, BlameLineInfoZ, FileBlameDataZ, ChunkFetchResultZ, FileBlameResponseEntryZ, CommitBlameDataZ, CommitInfoZ, GitIdentityZ, COMMIT_LOG_FORMAT, CommitDataZ, PrDiffDataZ, PrStatsZ, CommitsManifestZ, BlameLineEntryZ, BlameLinesDataZ, PrepareCommitBlameResponseMessageZ;
+var init_gitBlameTypes = __esm({
+  "src/utils/blame/gitBlameTypes.ts"() {
+    "use strict";
+    PrepareGitBlameMessageZ = z19.object({
+      reportId: z19.string(),
+      repoArchivePath: z19.string()
+    });
+    PrepareGitBlameResponseMessageZ = z19.object({
+      reportId: z19.string()
+    });
+    CommitMetadataZ = z19.object({
+      author: z19.string().optional(),
+      "author-mail": z19.string().optional(),
+      "author-time": z19.string().optional(),
+      "author-tz": z19.string().optional(),
+      committer: z19.string().optional(),
+      "committer-mail": z19.string().optional(),
+      "committer-time": z19.string().optional(),
+      "committer-tz": z19.string().optional(),
+      summary: z19.string().optional(),
+      filename: z19.string().optional()
+    });
+    LineToCommitMapZ = z19.record(z19.string(), z19.string());
+    CommitMetadataMapZ = z19.record(z19.string(), CommitMetadataZ);
+    BlameInfoZ = z19.object({
+      lineToCommit: LineToCommitMapZ,
+      commitMetadata: CommitMetadataMapZ
+    });
+    LineRangeZ = z19.object({
+      /** First line in chunk (1-indexed) */
+      start: z19.number(),
+      /** Last line in chunk (inclusive) */
+      end: z19.number()
+    });
+    PrContextZ = z19.object({
+      prNumber: z19.number(),
+      repositoryUrl: z19.string(),
+      organizationId: z19.string(),
+      userEmail: z19.string(),
+      source: z19.enum(["pr", "github"]),
+      githubContext: z19.object({
+        prNumber: z19.number(),
+        installationId: z19.number(),
+        repositoryURL: z19.string()
+      }).optional()
+    });
+    PrepareCommitBlameMessageZ = z19.object({
+      /** Commit blame request ID from database (for tracking and updating status) */
+      commitBlameRequestId: z19.string(),
+      /** Organization ID (for org-scoped caching) */
+      organizationId: z19.string(),
+      /** Full repository URL (e.g., https://github.com/org/repo) */
+      repositoryUrl: z19.string(),
+      /** Commit SHA to analyze (typically PR head commit) */
+      commitSha: z19.string(),
+      /** Authentication headers for repository access (e.g., GitHub token) */
+      extraHeaders: z19.record(z19.string(), z19.string()).default({}),
+      // --- PR analysis fields ---
+      /** Target branch name (from getPr() base.ref). When set, enables PR analysis mode. */
+      targetBranch: z19.string().optional(),
+      /** Context for triggering blame attribution analysis after SCM agent completes. */
+      prContext: PrContextZ.optional(),
+      /** User email for blame attribution analysis trigger context (used for both PR and single commit flows). */
+      userEmail: z19.string().optional()
+    });
+    BlameLineInfoZ = z19.object({
+      /** Line number as it appeared in the introducing commit */
+      originalLineNumber: z19.number(),
+      /** Commit SHA that introduced this line */
+      commitSha: z19.string(),
+      /** Author name for this line */
+      authorName: z19.string().optional(),
+      /** Author email for this line */
+      authorEmail: z19.string().optional()
+    }).nullable();
+    FileBlameDataZ = z19.array(BlameLineInfoZ);
+    ChunkFetchResultZ = z19.object({
+      filePath: z19.string(),
+      lines: z19.array(z19.number()),
+      data: FileBlameDataZ.nullable()
+    });
+    FileBlameResponseEntryZ = z19.object({
+      /** Chunk index (0 for small files, 0-N for large file chunks) */
+      chunkIndex: z19.number(),
+      /** Blame data array (1-indexed, index 0 is null) */
+      blameData: FileBlameDataZ
+    });
+    CommitBlameDataZ = z19.record(
+      z19.string(),
+      // fileName
+      z19.array(FileBlameResponseEntryZ)
+    );
+    CommitInfoZ = z19.object({
+      /** Number of parent commits (1 = normal commit, 2+ = merge commit, null = failed to determine) */
+      parentCount: z19.number().nullable()
+    });
+    GitIdentityZ = z19.object({
+      name: z19.string(),
+      email: z19.string()
+    });
+    COMMIT_LOG_FORMAT = "%H%x00%ae%x00%an%x00%ce%x00%cn%x00%at%x00%s%x00%(trailers:key=Co-authored-by,valueonly,separator=%x00)";
+    CommitDataZ = z19.object({
+      diff: z19.string(),
+      author: GitIdentityZ,
+      committer: GitIdentityZ,
+      coAuthors: z19.array(GitIdentityZ),
+      timestamp: z19.number(),
+      // Unix timestamp in seconds
+      message: z19.string().optional(),
+      parentCount: z19.number().nullable()
+    });
+    PrDiffDataZ = z19.object({
+      diff: z19.string()
+    });
+    PrStatsZ = z19.object({
+      additions: z19.number(),
+      deletions: z19.number()
+    });
+    CommitsManifestZ = z19.object({
+      commits: z19.array(z19.string())
+      // Array of commit SHAs in order
+    });
+    BlameLineEntryZ = z19.object({
+      file: z19.string(),
+      line: z19.number(),
+      originalCommitSha: z19.string(),
+      originalLineNumber: z19.number()
+    });
+    BlameLinesDataZ = z19.object({
+      lines: z19.array(BlameLineEntryZ)
+    });
+    PrepareCommitBlameResponseMessageZ = z19.object({
+      /** Commit blame request ID (matches request, used to update specific DB record) */
+      commitBlameRequestId: z19.string(),
+      /** Organization ID (matches request) */
+      organizationId: z19.string(),
+      /** Repository URL (matches request) */
+      repositoryUrl: z19.string(),
+      /** Commit SHA analyzed (matches request) */
+      commitSha: z19.string(),
+      /** Processing status */
+      status: z19.enum(["success", "failure"]),
+      /** Error message (only present if status is 'failure') */
+      error: z19.string().optional(),
+      /**
+       * Blame data for all processed files/chunks.
+       * Empty dictionary if status is 'failure'.
+       * Contains line mappings as arrays if status is 'success'.
+       */
+      blameData: CommitBlameDataZ,
+      /**
+       * Info about each commit referenced in the blame data plus the head commit.
+       * Keyed by commit SHA, deduplicated.
+       * Empty dictionary if status is 'failure'.
+       */
+      commits: z19.record(z19.string(), CommitInfoZ).default({}),
+      // --- New PR diff computation response fields ---
+      /** S3 paths for commit-level data (commitSha → S3 key). Present in PR analysis mode and single commit mode. */
+      commitDataS3Paths: z19.record(z19.string(), z19.string()).optional(),
+      /** S3 key for PR diff JSON. Present in PR analysis mode. */
+      prDiffS3Path: z19.string().optional(),
+      /** S3 key for commits manifest. Present in PR analysis mode. */
+      commitsManifestS3Path: z19.string().optional(),
+      /** S3 key for per-line targeted blame data. Present in PR analysis mode. */
+      blameLinesS3Path: z19.string().optional(),
+      /** S3 key for PR stats (additions/deletions). Present in PR analysis mode. */
+      prStatsS3Path: z19.string().optional(),
+      /** PR context passed through from request for response handler. */
+      prContext: PrContextZ.optional(),
+      /** PR title from the request metadata (passed through). */
+      prTitle: z19.string().optional(),
+      /** User email passed through from request for single commit blame attribution analysis trigger. */
+      userEmail: z19.string().optional()
+    });
+  }
+});
+
 // src/features/analysis/scm/services/ExcludedDirs.ts
 var EXCLUDED_DIRS;
 var init_ExcludedDirs = __esm({
@@ -3308,6 +3522,7 @@ var init_GitService = __esm({
   "src/features/analysis/scm/services/GitService.ts"() {
     "use strict";
     init_configs();
+    init_gitBlameTypes();
     init_urlParser2();
     init_FileUtils();
     MAX_COMMIT_DIFF_SIZE_BYTES = 3 * 1024 * 1024;
@@ -3804,7 +4019,7 @@ ${rootContent}`;
           const DIFF_DELIMITER = "---MOBB_DIFF_START---";
           const output = await this.git.show([
             commitSha,
-            `--format=%cI%n${DIFF_DELIMITER}`,
+            `--format=${COMMIT_LOG_FORMAT}%n${DIFF_DELIMITER}`,
             "--patch"
           ]);
           const delimiterIndex = output.indexOf(DIFF_DELIMITER);
@@ -3825,16 +4040,16 @@ ${rootContent}`;
             });
             return null;
           }
-          const metadataLines = metadataOutput.trim().split("\n");
-          if (metadataLines.length < 1 || !metadataLines[0]) {
+          const metadataLine = metadataOutput.trim();
+          const parsed = parseCommitLine(metadataLine);
+          if (!parsed) {
             this.log("[GitService] Unexpected metadata format", "warning", {
               commitSha,
-              metadataLines
+              metadataLine
             });
             return null;
           }
-          const timestampStr = metadataLines[0];
-          const timestamp = new Date(timestampStr);
+          const timestamp = new Date(parsed.timestamp * 1e3);
           this.log("[GitService] Local commit data retrieved", "debug", {
             commitSha,
             diffSizeBytes,
@@ -3842,7 +4057,10 @@ ${rootContent}`;
           });
           return {
             diff,
-            timestamp
+            timestamp,
+            author: parsed.author,
+            committer: parsed.committer,
+            coAuthors: parsed.coAuthors
           };
         } catch (error) {
           const errorMessage = `Failed to get local commit data: ${error.message}`;
@@ -3860,11 +4078,11 @@ import * as os3 from "os";
 import path6 from "path";
 import chalk3 from "chalk";
 import { withFile } from "tmp-promise";
-import z26 from "zod";
+import z27 from "zod";
 
 // src/commands/handleMobbLogin.ts
 import chalk2 from "chalk";
-import Debug6 from "debug";
+import Debug7 from "debug";
 
 // src/utils/dirname.ts
 import fs from "fs";
@@ -4085,10 +4303,8 @@ var errorMessages = {
 var VUL_REPORT_DIGEST_TIMEOUT_MS = 1e3 * 60 * 30;
 
 // src/features/analysis/graphql/gql.ts
-import fetchOrig from "cross-fetch";
-import Debug5 from "debug";
+import Debug6 from "debug";
 import { GraphQLClient } from "graphql-request";
-import { HttpsProxyAgent } from "https-proxy-agent";
 import { v4 as uuidv4 } from "uuid";
 
 // src/mcp/core/Errors.ts
@@ -4118,6 +4334,71 @@ var ScanContext = {
   BUGSY: "BUGSY"
 };
 
+// src/utils/proxy.ts
+import fetchOrig from "cross-fetch";
+import Debug2 from "debug";
+import { HttpsProxyAgent } from "https-proxy-agent";
+
+// src/utils/url.ts
+function httpToWsUrl(url) {
+  const parsed = new URL(url);
+  parsed.protocol = parsed.protocol === "https:" ? "wss:" : "ws:";
+  return parsed.toString();
+}
+
+// src/utils/proxy.ts
+var debug2 = Debug2("mobbdev:proxy");
+function getHttpProxy() {
+  return process.env["HTTPS_PROXY"] || process.env["HTTP_PROXY"] || "";
+}
+function getHttpProxyOnly() {
+  return process.env["HTTP_PROXY"] || "";
+}
+function getProxyAgent(url) {
+  try {
+    const parsedUrl = new URL(url);
+    const hostname = parsedUrl.hostname.toLowerCase();
+    if (hostname === "localhost" || hostname === "127.0.0.1" || hostname === "::1" || hostname === "[::1]") {
+      debug2("Skipping proxy for localhost URL: %s", url);
+      return void 0;
+    }
+    const noProxy = process.env["NO_PROXY"] || process.env["no_proxy"];
+    if (noProxy) {
+      const noProxyList = noProxy.split(",").map((h) => h.trim().toLowerCase());
+      if (noProxyList.includes(hostname) || noProxyList.includes("*")) {
+        debug2("Skipping proxy due to NO_PROXY for: %s", url);
+        return void 0;
+      }
+    }
+    const isHttp = parsedUrl.protocol === "http:";
+    const isHttps = parsedUrl.protocol === "https:";
+    const proxy = isHttps ? getHttpProxy() : isHttp ? getHttpProxyOnly() : null;
+    if (proxy) {
+      debug2("Using proxy %s", proxy);
+      debug2("Proxy agent %o", proxy);
+      return new HttpsProxyAgent(proxy);
+    }
+  } catch (err) {
+    debug2(`Skipping proxy for ${url}. Reason: ${err.message}`);
+  }
+  return void 0;
+}
+var fetchWithProxy = (url, options = {}) => {
+  try {
+    const agent = getProxyAgent(url.toString());
+    if (agent) {
+      return fetchOrig(url, {
+        ...options,
+        // @ts-expect-error Node-fetch doesn't type 'agent', but it's valid
+        agent
+      });
+    }
+  } catch (err) {
+    debug2(`Skipping proxy for ${url}. Reason: ${err.message}`);
+  }
+  return fetchOrig(url, options);
+};
+
 // src/utils/subscribe/subscribe.ts
 import { createClient } from "graphql-ws";
 import WebsocketNode from "isomorphic-ws";
@@ -4146,11 +4427,11 @@ function getGraphQlHeaders(options) {
 }
 
 // src/utils/subscribe/subscribe.ts
-var DEFAULT_API_URL2 = "https://api.mobb.ai/v1/graphql";
+var DEFAULT_API_URL2 = "wss://api.mobb.ai/v1/graphql";
 var SUBSCRIPTION_TIMEOUT_MS = 30 * 60 * 1e3;
 function createWSClient(options) {
-  const url = options.url || (process.env["API_URL"] || DEFAULT_API_URL2).replace("http", "ws");
-  const websocketImpl = options.websocket || (typeof WebSocket !== "undefined" ? WebSocket : WebsocketNode);
+  const url = options.url || (process.env["API_URL"] ? httpToWsUrl(process.env["API_URL"]) : DEFAULT_API_URL2);
+  const websocketImpl = options.websocket || WebsocketNode;
   const CustomWebSocket = options.proxyAgent ? (
     // biome-ignore lint/suspicious/noExplicitAny: Dynamic WebSocket extension requires any cast for cross-platform compatibility
     class extends websocketImpl {
@@ -6169,7 +6450,7 @@ var DEFUALT_ADO_ORIGIN = scmCloudUrl.Ado;
 init_env();
 import querystring from "querystring";
 import * as api from "azure-devops-node-api";
-import Debug2 from "debug";
+import Debug3 from "debug";
 import { z as z18 } from "zod";
 
 // src/features/analysis/scm/ado/validation.ts
@@ -6208,7 +6489,7 @@ var accountsZ = z17.object({
 });
 
 // src/features/analysis/scm/ado/utils.ts
-var debug2 = Debug2("mobbdev:scm:ado");
+var debug3 = Debug3("mobbdev:scm:ado");
 
 // src/features/analysis/scm/ado/AdoSCMLib.ts
 import { setTimeout as setTimeout2 } from "timers/promises";
@@ -6220,39 +6501,39 @@ init_GitService();
 import querystring2 from "querystring";
 import * as bitbucketPkgNode from "bitbucket";
 import bitbucketPkg from "bitbucket";
-import Debug3 from "debug";
-import { z as z20 } from "zod";
+import Debug4 from "debug";
+import { z as z21 } from "zod";
 
 // src/features/analysis/scm/bitbucket/validation.ts
-import { z as z19 } from "zod";
-var BitbucketAuthResultZ = z19.object({
-  access_token: z19.string(),
-  token_type: z19.string(),
-  refresh_token: z19.string()
+import { z as z20 } from "zod";
+var BitbucketAuthResultZ = z20.object({
+  access_token: z20.string(),
+  token_type: z20.string(),
+  refresh_token: z20.string()
 });
 
 // src/features/analysis/scm/bitbucket/bitbucket.ts
-var debug3 = Debug3("scm:bitbucket");
+var debug4 = Debug4("scm:bitbucket");
 var BITBUCKET_HOSTNAME = "bitbucket.org";
-var TokenExpiredErrorZ = z20.object({
-  status: z20.number(),
-  error: z20.object({
-    type: z20.string(),
-    error: z20.object({
-      message: z20.string()
+var TokenExpiredErrorZ = z21.object({
+  status: z21.number(),
+  error: z21.object({
+    type: z21.string(),
+    error: z21.object({
+      message: z21.string()
     })
   })
 });
 var BITBUCKET_ACCESS_TOKEN_URL = `https://${BITBUCKET_HOSTNAME}/site/oauth2/access_token`;
-var BitbucketParseResultZ = z20.object({
-  organization: z20.string(),
-  repoName: z20.string(),
-  hostname: z20.literal(BITBUCKET_HOSTNAME)
+var BitbucketParseResultZ = z21.object({
+  organization: z21.string(),
+  repoName: z21.string(),
+  hostname: z21.literal(BITBUCKET_HOSTNAME)
 });
 
 // src/features/analysis/scm/bitbucket/BitbucketSCMLib.ts
 import { setTimeout as setTimeout3 } from "timers/promises";
-import { z as z21 } from "zod";
+import { z as z22 } from "zod";
 
 // src/features/analysis/scm/constants.ts
 var REPORT_DEFAULT_FILE_NAME = "report.json";
@@ -6261,7 +6542,7 @@ var REPORT_DEFAULT_FILE_NAME = "report.json";
 init_env();
 
 // src/features/analysis/scm/github/GithubSCMLib.ts
-import { z as z22 } from "zod";
+import { z as z23 } from "zod";
 init_client_generates();
 
 // src/features/analysis/scm/github/github.ts
@@ -6283,7 +6564,7 @@ import {
   AccessLevel,
   Gitlab
 } from "@gitbeaker/rest";
-import Debug4 from "debug";
+import Debug5 from "debug";
 import pLimit from "p-limit";
 import {
   Agent,
@@ -6293,151 +6574,107 @@ import {
 
 // src/utils/contextLogger.ts
 import debugModule from "debug";
-var debug4 = debugModule("mobb:shared");
+var debug5 = debugModule("mobb:shared");
 
 // src/features/analysis/scm/gitlab/gitlab.ts
 init_env();
 
 // src/features/analysis/scm/gitlab/types.ts
-import { z as z23 } from "zod";
-var GitlabAuthResultZ = z23.object({
-  access_token: z23.string(),
-  token_type: z23.string(),
-  refresh_token: z23.string()
+import { z as z24 } from "zod";
+var GitlabAuthResultZ = z24.object({
+  access_token: z24.string(),
+  token_type: z24.string(),
+  refresh_token: z24.string()
 });
 
 // src/features/analysis/scm/gitlab/gitlab.ts
-var debug5 = Debug4("scm:gitlab");
+var debug6 = Debug5("scm:gitlab");
 
 // src/features/analysis/scm/gitlab/GitlabSCMLib.ts
 init_client_generates();
 
 // src/features/analysis/scm/scmFactory.ts
-import { z as z24 } from "zod";
+import { z as z25 } from "zod";
 
 // src/features/analysis/graphql/gql.ts
 init_client_generates();
 
 // src/features/analysis/graphql/types.ts
 init_client_generates();
-import { z as z25 } from "zod";
-var VulnerabilityReportIssueCodeNodeZ = z25.object({
-  vulnerabilityReportIssueId: z25.string(),
-  path: z25.string(),
-  startLine: z25.number(),
-  vulnerabilityReportIssue: z25.object({
-    fixId: z25.string(),
-    category: z25.nativeEnum(Vulnerability_Report_Issue_Category_Enum),
-    safeIssueType: z25.string(),
-    vulnerabilityReportIssueTags: z25.array(
-      z25.object({
-        tag: z25.nativeEnum(Vulnerability_Report_Issue_Tag_Enum)
+import { z as z26 } from "zod";
+var VulnerabilityReportIssueCodeNodeZ = z26.object({
+  vulnerabilityReportIssueId: z26.string(),
+  path: z26.string(),
+  startLine: z26.number(),
+  vulnerabilityReportIssue: z26.object({
+    fixId: z26.string(),
+    category: z26.nativeEnum(Vulnerability_Report_Issue_Category_Enum),
+    safeIssueType: z26.string(),
+    vulnerabilityReportIssueTags: z26.array(
+      z26.object({
+        tag: z26.nativeEnum(Vulnerability_Report_Issue_Tag_Enum)
       })
     )
   })
 });
-var VulnerabilityReportIssueNoFixCodeNodeZ = z25.object({
-  vulnerabilityReportIssues: z25.array(
-    z25.object({
-      id: z25.string(),
-      fixId: z25.string().nullable(),
-      category: z25.nativeEnum(Vulnerability_Report_Issue_Category_Enum),
-      safeIssueType: z25.string(),
-      fpId: z25.string().uuid().nullable(),
-      codeNodes: z25.array(
-        z25.object({
-          path: z25.string(),
-          startLine: z25.number()
+var VulnerabilityReportIssueNoFixCodeNodeZ = z26.object({
+  vulnerabilityReportIssues: z26.array(
+    z26.object({
+      id: z26.string(),
+      fixId: z26.string().nullable(),
+      category: z26.nativeEnum(Vulnerability_Report_Issue_Category_Enum),
+      safeIssueType: z26.string(),
+      fpId: z26.string().uuid().nullable(),
+      codeNodes: z26.array(
+        z26.object({
+          path: z26.string(),
+          startLine: z26.number()
         })
       ),
-      vulnerabilityReportIssueTags: z25.array(
-        z25.object({
-          tag: z25.nativeEnum(Vulnerability_Report_Issue_Tag_Enum)
+      vulnerabilityReportIssueTags: z26.array(
+        z26.object({
+          tag: z26.nativeEnum(Vulnerability_Report_Issue_Tag_Enum)
         })
       )
     })
   )
 });
-var GetVulByNodesMetadataZ = z25.object({
-  vulnerabilityReportIssueCodeNodes: z25.array(VulnerabilityReportIssueCodeNodeZ),
-  nonFixablePrVuls: z25.object({
-    aggregate: z25.object({
-      count: z25.number()
+var GetVulByNodesMetadataZ = z26.object({
+  vulnerabilityReportIssueCodeNodes: z26.array(VulnerabilityReportIssueCodeNodeZ),
+  nonFixablePrVuls: z26.object({
+    aggregate: z26.object({
+      count: z26.number()
     })
   }),
-  fixablePrVuls: z25.object({
-    aggregate: z25.object({
-      count: z25.number()
+  fixablePrVuls: z26.object({
+    aggregate: z26.object({
+      count: z26.number()
     })
   }),
-  totalScanVulnerabilities: z25.object({
-    aggregate: z25.object({
-      count: z25.number()
+  totalScanVulnerabilities: z26.object({
+    aggregate: z26.object({
+      count: z26.number()
     })
   }),
-  irrelevantVulnerabilityReportIssue: z25.array(
+  irrelevantVulnerabilityReportIssue: z26.array(
     VulnerabilityReportIssueNoFixCodeNodeZ
   )
 });
 
 // src/features/analysis/graphql/gql.ts
-var debug6 = Debug5("mobbdev:gql");
+var debug7 = Debug6("mobbdev:gql");
 var API_KEY_HEADER_NAME = "x-mobb-key";
 var REPORT_STATE_CHECK_DELAY = 5 * 1e3;
-function getProxyAgent(url) {
-  try {
-    const parsedUrl = new URL(url);
-    const hostname = parsedUrl.hostname.toLowerCase();
-    if (hostname === "localhost" || hostname === "127.0.0.1" || hostname === "::1" || hostname === "[::1]") {
-      debug6("Skipping proxy for localhost URL: %s", url);
-      return void 0;
-    }
-    const noProxy = process.env["NO_PROXY"] || process.env["no_proxy"];
-    if (noProxy) {
-      const noProxyList = noProxy.split(",").map((h) => h.trim().toLowerCase());
-      if (noProxyList.includes(hostname) || noProxyList.includes("*")) {
-        debug6("Skipping proxy due to NO_PROXY for: %s", url);
-        return void 0;
-      }
-    }
-    const isHttp = parsedUrl.protocol === "http:";
-    const isHttps = parsedUrl.protocol === "https:";
-    const proxy = isHttps ? HTTPS_PROXY || HTTP_PROXY : isHttp ? HTTP_PROXY : null;
-    if (proxy) {
-      debug6("Using proxy %s", proxy);
-      debug6("Proxy agent %o", proxy);
-      return new HttpsProxyAgent(proxy);
-    }
-  } catch (err) {
-    debug6(`Skipping proxy for ${url}. Reason: ${err.message}`);
-  }
-  return void 0;
-}
-var fetchWithProxy = (url, options = {}) => {
-  try {
-    const agent = getProxyAgent(url.toString());
-    if (agent) {
-      return fetchOrig(url, {
-        ...options,
-        // @ts-expect-error Node-fetch doesn't type 'agent', but it's valid
-        agent
-      });
-    }
-  } catch (err) {
-    debug6(`Skipping proxy for ${url}. Reason: ${err.message}`);
-  }
-  return fetchOrig(url, options);
-};
 var GQLClient = class {
   constructor(args) {
     __publicField(this, "_client");
     __publicField(this, "_clientSdk");
     __publicField(this, "_apiUrl");
     __publicField(this, "_auth");
-    debug6(`init with  ${args}`);
+    debug7(`init with  ${args}`);
     this._auth = args;
     this._apiUrl = args.apiUrl || API_URL;
-    debug6(
+    debug7(
       "GQLClient constructor: resolved apiUrl=%s (from param: %s)",
       this._apiUrl,
       args.apiUrl || "fallback to API_URL constant"
@@ -6449,7 +6686,7 @@ var GQLClient = class {
       fetch: fetchWithProxy,
       requestMiddleware: (request) => {
         const requestId = uuidv4();
-        debug6(
+        debug7(
           `sending API request with id: ${requestId} and with request: ${request.body}`
         );
         return {
@@ -6486,7 +6723,7 @@ var GQLClient = class {
       await this.getUserInfo();
     } catch (e) {
       if (e?.toString().startsWith("FetchError")) {
-        debug6("verify connection failed %o", e);
+        debug7("verify connection failed %o", e);
         return false;
       }
     }
@@ -6498,7 +6735,7 @@ var GQLClient = class {
     try {
       info = await this.getUserInfo();
     } catch (e) {
-      debug6("verify token failed %o", e);
+      debug7("verify token failed %o", e);
       return false;
     }
     return info?.email || true;
@@ -6559,7 +6796,7 @@ var GQLClient = class {
     try {
       await this._clientSdk.CreateCommunityUser();
     } catch (e) {
-      debug6("create community user failed %o", e);
+      debug7("create community user failed %o", e);
     }
   }
   async updateScmToken(args) {
@@ -6739,11 +6976,13 @@ var GQLClient = class {
           this._auth.type === "apiKey" ? {
             apiKey: this._auth.apiKey,
             type: "apiKey",
+            url: httpToWsUrl(this._apiUrl),
             timeoutInMs: params.timeoutInMs,
             proxyAgent: getProxyAgent(this._apiUrl)
           } : {
             token: this._auth.token,
             type: "token",
+            url: httpToWsUrl(this._apiUrl),
             timeoutInMs: params.timeoutInMs,
             proxyAgent: getProxyAgent(this._apiUrl)
           }
@@ -6756,7 +6995,7 @@ var GQLClient = class {
     const startTime = Date.now();
     const maxDuration = timeoutInMs ?? 30 * 60 * 1e3;
     const pollingIntervalSec = REPORT_STATE_CHECK_DELAY / 1e3;
-    debug6(
+    debug7(
       `[pollForAnalysisState] Starting polling for analysis ${analysisId}, target states: ${callbackStates.join(", ")}, interval: ${pollingIntervalSec}s`
     );
     let isPolling = true;
@@ -6765,7 +7004,7 @@ var GQLClient = class {
       pollCount++;
       const elapsedSec = Math.round((Date.now() - startTime) / 1e3);
       if (Date.now() - startTime > maxDuration) {
-        debug6(
+        debug7(
           `[pollForAnalysisState] Timeout expired after ${pollCount} polls (${elapsedSec}s)`
         );
         throw new ReportDigestError(
@@ -6773,20 +7012,20 @@ var GQLClient = class {
           `Analysis timed out after ${Math.round(maxDuration / 6e4)} minutes. Please try again or check the Mobb platform for status.`
         );
       }
-      debug6(
+      debug7(
         `[pollForAnalysisState] Poll #${pollCount} (elapsed: ${elapsedSec}s) - fetching analysis state...`
       );
       const analysis = await this.getAnalysis(analysisId);
-      debug6(
+      debug7(
         `[pollForAnalysisState] Poll #${pollCount} - current state: ${analysis.state}`
       );
       if (!analysis.state || analysis.state === "Failed" /* Failed */) {
         const errorMessage = analysis.failReason || `Analysis failed with id: ${analysis.id}`;
-        debug6(`[pollForAnalysisState] Analysis failed: ${errorMessage}`);
+        debug7(`[pollForAnalysisState] Analysis failed: ${errorMessage}`);
         throw new ReportDigestError(errorMessage, analysis.failReason ?? "");
       }
       if (callbackStates.includes(analysis.state)) {
-        debug6(
+        debug7(
           `[pollForAnalysisState] Target state reached: ${analysis.state} after ${pollCount} polls (${elapsedSec}s)`
         );
         await callback(analysis.id);
@@ -6799,7 +7038,7 @@ var GQLClient = class {
           }
         };
       }
-      debug6(
+      debug7(
         `[pollForAnalysisState] State ${analysis.state} not in target states, waiting ${pollingIntervalSec}s before next poll...`
       );
       await sleep(REPORT_STATE_CHECK_DELAY);
@@ -7068,7 +7307,7 @@ var AuthManager = class {
 };
 
 // src/commands/handleMobbLogin.ts
-var debug7 = Debug6("mobbdev:commands");
+var debug8 = Debug7("mobbdev:commands");
 var LOGIN_MAX_WAIT2 = 10 * 60 * 1e3;
 var LOGIN_CHECK_DELAY2 = 5 * 1e3;
 var MOBB_LOGIN_REQUIRED_MSG = `\u{1F513} Login to Mobb is Required, you will be redirected to our login page, once the authorization is complete return to this prompt, ${chalk2.bgBlue(
@@ -7080,7 +7319,7 @@ async function getAuthenticatedGQLClient({
   apiUrl,
   webAppUrl
 }) {
-  debug7(
+  debug8(
     "getAuthenticatedGQLClient called with: apiUrl=%s, webAppUrl=%s",
     apiUrl || "undefined",
     webAppUrl || "undefined"
@@ -7103,7 +7342,7 @@ async function handleMobbLogin({
   webAppUrl,
   loginContext
 }) {
-  debug7(
+  debug8(
     "handleMobbLogin: resolved URLs - apiUrl=%s (from param: %s), webAppUrl=%s (from param: %s)",
     apiUrl || "fallback",
     apiUrl || "fallback",
@@ -7122,7 +7361,7 @@ async function handleMobbLogin({
       return authManager.getGQLClient();
     }
   } catch (error) {
-    debug7("Authentication check failed:", error);
+    debug8("Authentication check failed:", error);
   }
   if (apiKey) {
     createSpinner().start().error({
@@ -7174,9 +7413,9 @@ init_GitService();
 init_urlParser2();
 
 // src/features/analysis/upload-file.ts
-import Debug7 from "debug";
+import Debug8 from "debug";
 import fetch3, { File, fileFrom, FormData } from "node-fetch";
-var debug8 = Debug7("mobbdev:upload-file");
+var debug9 = Debug8("mobbdev:upload-file");
 async function uploadFile({
   file,
   url,
@@ -7189,9 +7428,9 @@ async function uploadFile({
   logInfo(`FileUpload: upload file start ${url}`);
   logInfo(`FileUpload: upload fields`, uploadFields);
   logInfo(`FileUpload: upload key ${uploadKey}`);
-  debug8("upload file start %s", url);
-  debug8("upload fields %o", uploadFields);
-  debug8("upload key %s", uploadKey);
+  debug9("upload file start %s", url);
+  debug9("upload fields %o", uploadFields);
+  debug9("upload key %s", uploadKey);
   const form = new FormData();
   Object.entries(uploadFields).forEach(([key, value]) => {
     form.append(key, value);
@@ -7200,11 +7439,11 @@ async function uploadFile({
     form.append("key", uploadKey);
   }
   if (typeof file === "string") {
-    debug8("upload file from path %s", file);
+    debug9("upload file from path %s", file);
     logInfo(`FileUpload: upload file from path ${file}`);
     form.append("file", await fileFrom(file));
   } else {
-    debug8("upload file from buffer");
+    debug9("upload file from buffer");
     logInfo(`FileUpload: upload file from buffer`);
     form.append("file", new File([new Uint8Array(file)], "file"));
   }
@@ -7215,11 +7454,11 @@ async function uploadFile({
     agent
   });
   if (!response.ok) {
-    debug8("error from S3 %s %s", response.body, response.status);
+    debug9("error from S3 %s %s", response.body, response.status);
     logInfo(`FileUpload: error from S3 ${response.body} ${response.status}`);
     throw new Error(`Failed to upload the file: ${response.status}`);
   }
-  debug8("upload file done");
+  debug9("upload file done");
   logInfo(`FileUpload: upload file done`);
 }
 
@@ -7317,7 +7556,8 @@ import { OpenRedaction } from "@openredaction/openredaction";
 var openRedaction = new OpenRedaction({
   patterns: [
     // Core Personal Data
-    "EMAIL",
+    // Removed EMAIL - causes false positives in code/test snippets (e.g. --author="Eve Author <eve@example.com>")
+    // Prefer false negatives over false positives for this use case.
     "SSN",
     "NATIONAL_INSURANCE_UK",
     "DATE_OF_BIRTH",
@@ -7332,7 +7572,8 @@ var openRedaction = new OpenRedaction({
     "VISA_MRZ",
     "TAX_ID",
     // Financial Data (removed SWIFT_BIC, CARD_AUTH_CODE - too broad, causing false positives with authentication words)
-    "CREDIT_CARD",
+    // Removed CREDIT_CARD - causes false positives on zero-filled UUIDs (e.g. '00000000-0000-0000-0000-000000000000')
+    // Prefer false negatives over false positives for this use case.
     "IBAN",
     "BANK_ACCOUNT_UK",
     "ROUTING_NUMBER_US",
@@ -7418,15 +7659,6 @@ async function sanitizeDataWithCounts(obj) {
         ...piiDetections.low
       ];
       for (const detection of allDetections) {
-        if (detection.type === "CREDIT_CARD") {
-          const start = detection.position[0];
-          const end = detection.position[1];
-          const charBefore = (start > 0 ? str[start - 1] : "") ?? "";
-          const charAfter = str[end] ?? "";
-          if (charBefore === "." || charBefore >= "0" && charBefore <= "9" || charAfter >= "0" && charAfter <= "9") {
-            continue;
-          }
-        }
         counts.detections.total++;
         if (detection.severity === "high") counts.detections.high++;
         else if (detection.severity === "medium") counts.detections.medium++;
@@ -7479,8 +7711,8 @@ var defaultLogger = {
     }
   }
 };
-var PromptItemZ = z26.object({
-  type: z26.enum([
+var PromptItemZ = z27.object({
+  type: z27.enum([
     "USER_PROMPT",
     "AI_RESPONSE",
     "TOOL_EXECUTION",
@@ -7488,32 +7720,32 @@ var PromptItemZ = z26.object({
     "MCP_TOOL_CALL"
     // MCP (Model Context Protocol) tool invocation
   ]),
-  attachedFiles: z26.array(
-    z26.object({
-      relativePath: z26.string(),
-      startLine: z26.number().optional()
+  attachedFiles: z27.array(
+    z27.object({
+      relativePath: z27.string(),
+      startLine: z27.number().optional()
     })
   ).optional(),
-  tokens: z26.object({
-    inputCount: z26.number(),
-    outputCount: z26.number()
+  tokens: z27.object({
+    inputCount: z27.number(),
+    outputCount: z27.number()
   }).optional(),
-  text: z26.string().optional(),
-  date: z26.date().optional(),
-  tool: z26.object({
-    name: z26.string(),
-    parameters: z26.string(),
-    result: z26.string(),
-    rawArguments: z26.string().optional(),
-    accepted: z26.boolean().optional(),
+  text: z27.string().optional(),
+  date: z27.date().optional(),
+  tool: z27.object({
+    name: z27.string(),
+    parameters: z27.string(),
+    result: z27.string(),
+    rawArguments: z27.string().optional(),
+    accepted: z27.boolean().optional(),
     // MCP-specific fields (only populated for MCP_TOOL_CALL type)
-    mcpServer: z26.string().optional(),
+    mcpServer: z27.string().optional(),
     // MCP server name (e.g., "datadog", "mobb-mcp")
-    mcpToolName: z26.string().optional()
+    mcpToolName: z27.string().optional()
     // MCP tool name without prefix (e.g., "scan_and_fix_vulnerabilities")
   }).optional()
 });
-var PromptItemArrayZ = z26.array(PromptItemZ);
+var PromptItemArrayZ = z27.array(PromptItemZ);
 async function getRepositoryUrl() {
   try {
     const gitService = new GitService(process.cwd());